Privacy Policy
Data protection at a glance.
Article 12 of the General Data Protection Regulation obliges us to tell you how we process your data in a precise, transparent, understandable and easily accessible form and in clear and simple language. We want to make a sincere contribution to this and summarise our privacy policy as follows. The details can be found under the summary:
Processing operations | tools/processing procedures used, if applicable |
Processing operations necessary for the performance of contracts | Contact form with Form Designer Contact Form 7. |
Processing operations for which your consent is required
|
Google Analytics, Google Tagmanager, Salesviewer, company pages in social networks (LinkedIn, Twitter), Google Remarketing, YouTube videos, newsletter registration (with Mailchimp) |
Processing operations which are in our legitimate interest | Transient cookies, rights management with the involvement of external legal advice |
Processing operations involving automated decision-making, including profiling where applicable. | No processing takes place here. |
Audience Addressed.
This data protection declaration is directed at all persons who visit our website. All personal terms refer to both male and female and diverse persons and language forms and are always to be understood with the addition “(m/f/d)”.
Person in charge.
The person responsible within the meaning of Article 4 number 7 DSGVO for the processing of personal data of visitors to this website is: Bernstein Health GmbH, Neustädtische Kirchstraße 6, D-10117 Berlin, Telefon: +49 30 275 723 -0, bernsteinhealth@bernstein-group.com, Managing Directors: Clemens Reisbeck, Torsten Diehl Insofar as “we” or “us” are mentioned, this refers to the person responsible presented here. You can reach our data protection officer either under the above-mentioned data with the address addition “Only for the data protection officer” or under dsb@stanhope.de.
Rights of visitors to the website.
Visitors have several rights with regard to the personal data processed about them under the General Data Protection Regulation. In particular
- the right to information about the stored personal data,
- the right to have inaccurately stored personal data corrected,
- the right to erasure of personal data for which there is no legal basis for further storage,
- the right to restrict the processing of stored personal data,
- the right to data portability,
- the right to complain to the supervisory authority for data protection responsible for us.
As far as the factual prerequisites of the respective claims are given and we can identify you, we will fulfil your claims promptly.
Processing operations involving automated decision-making (including profiling, where applicable)
(1) Insofar as we name any tools and/or processing constellations used in the table above (“Data protection at a glance“) in the last line (“Processing operations involving automated decision-making, including profiling if applicable”), this means that we exceptionally carry out a special form of data processing for these tools/processing constellations. In this context, we draw your attention to the following:
1, The special form of processing is the so-called automated decision-making. These are decisions which are based solely on automated processing and which have a significant effect on you, in law or otherwise (e.g. a decision to enter into a contract). Such processing also includes “profiling”, which consists in any form of automated processing of personal data evaluating personal aspects relating to a natural person, in particular for the purpose of analysing or forecasting aspects concerning the data subject’s performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or change of location, insofar as it produces legal effects concerning the data subject or similarly significantly affects him or her.
In principle, such processing operations are prohibited (cf. Article 22(1) GDPR), although there are also exceptions to this prohibition. If we invoke exceptions, we explain them in our data protection information for persons towards whom we make contractual decisions, i.e. usually customers and/or suppliers. We refer to this declaration.
(2) To the extent that we do not list anything in the last line (“Processing operations involving automated decision-making, including profiling where applicable“) in the table above (“Data protection at a glance“), we also do not use this technology within the scope of our website.
Transfer of data to bodies outside the European Union
(1) It is possible that we transfer personal data to bodies that are located outside the European Union or at least cannot exclude this (henceforth: third country body). In these cases, we must guarantee in accordance with Article 44 of the GDPR that the level of protection provided by the GDPR will not be undercut as a result. As a precaution, we would like to point out that the third country agency can be both a controller and a processor.
(2) Insofar as we refer to a so-called adequacy decision in the following statement, this means that the third country agency is located in a country, territory or specific sector for which the Commission has decided that it offers an adequate level of protection. This guarantee then follows from Article 45 GDPR.
(3) Insofar as we refer to the so-called standard contractual clauses in the following declaration, this means that the third country agency has accepted the so-called EU standard contractual clauses and has thus contractually committed itself to respecting the level of protection of the General Data Protection Regulation. This guarantee then follows from Article 46(1) and (5) GDPR.
(4) Insofar as we refer in the following statement to the fact that you have consented to the transfer to the third country body, this means that you have been informed about all existing possible risks of such transfers for which there is no adequacy decision or other guarantees and have nevertheless consented to the data transfer. This guarantee then follows from Article 49(1)(a) of the GDPR. For reasons of transparency, we describe the corresponding risks in a separate section.
(5) We are only providing this information as a precautionary measure. It shall only apply if we refer to it in the following declaration. There is also the possibility that we do not make use of this.
Special constellation: EU standard contractual clauses and third country bodies based in the USA
(1) In addition to the explanations under “Data transfer to bodies outside the European Union” – paragraph 3, we would like to draw your attention to a special constellation. In the case of transfers to third-country bodies based in the USA, the possibility of invoking the EU standard contractual clauses is restricted. Therefore, if we intend to invoke (or are already invoking) the EU standard contractual clauses in this context, please note the following:
(2) We will only base the transfer of personal data to US third country entities on the EU standard contractual clauses if we have previously conducted a thorough review of the related facts. In doing so, we first determine a risk level (type and, in particular, sensitivity of the data concerned, scope of data processing, purpose of data processing, susceptibility to abuse). We then check whether the contractual commitments made by the US third country office and the technical and organisational measures taken there (e.g. processing of data exclusively in EU-based data centres, encryption technology) sufficiently minimise the risks identified in advance. Only if we come to the conclusion that the EU standard contractual clauses are a sufficient guarantee even in the case of a US third-country entity, will we invoke them.
(3) We are only providing this information as a precautionary measure. It shall only apply if we refer to it in the following declaration. There is also the possibility that we do not make use of this.
Special constellation: Consent to transfer to third-country offices located in the USA, including risk information
(1) In addition to the explanations under “Data transfer to bodies outside the European Union” – paragraph 4, we would like to draw your attention to a further special constellation. In the case of transfers to third-country bodies based in the USA, the possibility of invoking the EU standard contractual clauses is restricted. Therefore, in some cases, the only option is to ask for your consent to this transfer. However, before you give this consent, we ask you to take note of the following risks and consider them when deciding whether to consent:
(2) We strongly advise you that a data transfer to the USA without the protection of an adequacy decision may entail significant risks. In particular, please note the following risks:
- there is no uniform data protection law in the US; certainly not one comparable to the data protection law applicable in the EU. This means that both US companies and government agencies have more possibilities to process your personal data, in particular for advertising targeting, profiling and conducting (criminal) investigations. Our possibilities to take action against this are significantly limited.
The US legislator has granted itself numerous rights of access to your personal data (see, for example, Section 702 of FISA or E.O. 12333 in conjunction with PPD-28), which are not compatible with our understanding of the law. In particular, there is no proportionality test comparable to those in the European Union prior to access.
- citizens of the European Union cannot expect effective legal protection in the USA.
- we will generally only ask you for such consent if we have concluded that the US third party cannot successfully rely on EU standard contractual clauses.
(3) We make this declaration merely as a precaution. It shall only apply if we refer to it in the subsequent declaration. There is also the possibility that we do not make use of this.
Note on the legal obligation to process.
Only insofar as we refer to Article 6 (1) sentence 1 lit. c DSGVO in the following data protection declaration is there a legal obligation to process.
Processing operations necessary for the performance of contracts (primary legal basis Article 6(1) sentence 1 lit. b DSGVO).
General information on the purpose and legal basis of the processing operations described below.
(1) The purpose of the processing operations described below is the establishment, performance, termination of contracts as well as the defence against claims on your part which are directly or indirectly related to the respective contract.
(2) Insofar as the purpose of the processing is the establishment, performance, termination of contracts, Article 6 (1) sentence 1 lit. b DSGVO is the legal basis for the processing of your personal data. According to this provision, the processing of your personal data is also permissible without your consent if it is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures that are carried out at your request.
(3) Insofar as the purpose of the processing is the defence against claims on your part which are directly or indirectly related to the respective contract, Article 6 (1) sentence 1 lit. b DSGVO shall also be the legal basis in addition to Article 6 (1) sentence 1 lit. f DSGVO. Our legitimate interest in this respect follows from our right to defend ourselves against claims on their part.
(4) Only insofar as we process your data in your function as an applicant or current or former employee on this website, Article 88 DSGVO in conjunction with. Section 26 (1) BDSG2018 is the legal basis. According to this provision, the processing of your personal employee data (including your applicant data) is also permitted without your consent if it is necessary for the performance of an employment contract to which you are a party or for the implementation of pre-contractual measures.
(5) Insofar as we refer to Article 6(1) sentence 1 lit. f DSGVO, you have the right to object to the processing, which in cases of justified objection leads to an end of the processing based on this. And insofar as we do not expressly refer to Article 6(1) sentence 1 lit. c DSGVO, there is no obligation to process.
General information on the retention period of data in the context of the processing operations described below.
(1) We store the data as long as this is necessary to establish, execute, possibly terminate the contract and/or to defend ourselves against claims by you that are directly or indirectly related to the respective contract.
(2) Insofar as a contractual relationship is established between us, we store the data additionally until the expiry of our statutory retention periods. The legal basis for this is Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. § 147 AO, § 257 HGB. According to these regulations, some of the above-mentioned data must also be retained beyond the point in time at which the purpose was achieved. We may be obliged to do so,
- personal data relating to you which is derived from books and records, inventories, annual financial statements, individual financial statements pursuant to section 325 para. 2a HGB, consolidated financial statements, management reports and group management reports, opening balances, accounting vouchers, documents pursuant to Article 15 (1) and Article 163 of the Union Customs Code, commercial books as well as the work instructions and other organisational documents required for their understanding, for ten years, whereby the retention period generally begins with the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. § 147 AO resp. i.V.m. § 257 HGB),
- to retain data relating to your person resulting from received commercial or business letters, from the reproduction of the received commercial or business letters as well as from other documents which are of significance for taxation for six years, whereby the retention period generally begins with the end of the calendar year in which the relevant document arose (Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. § 147 AO resp. i.V.m. § 257 HGB).
(3) If we process your data in your capacity as an applicant on this website, we will generally store the data until a final decision has been made regarding your application and
- in the event of rejection for a further six months after rejection, whereby the legal basis for the six-month storage is Article 6 (1) sentence 1 lit. f DSGVO and our legitimate interest follows from the right to defend ourselves against complaints under the AGG (cf. Section 15 (4) AGG),
- in the event that we ask you whether you wish to be included in our applicant pool and you say yes, until the time of revocation of your consent, whereby the legal basis for this storage is your consent pursuant to Article 88 DSGVO in conjunction with. § 26 paragraph 2 BDSG2018.
In the cases of paragraph 3 clauses 1 and 2, we only reserve the right to store data, but this data protection declaration does not establish an obligation to store data.
(4) Insofar as we refer to Article 6(1) sentence 1 lit. f DSGVO, you have the right to object to the processing, which in cases of justified objection leads to an end of the processing based on this. And insofar as we do not expressly refer to Article 6(1) sentence 1 lit. c DSGVO, there is no obligation to process.
Form Designer Contact Form 7.
(1) We use the WordPress plugin Contact Form 7 to create and manage forms. You can learn more about how it works here: https://de.wordpress.org/plugins/contact-form-7/.
(2) In doing so, we generally process all data about the content, manner and scope of your entries in the respective form. You can also find out more about the handling of your data under the heading “Form” in this data protection declaration.
Processing operations for which your consent is required (legal basis Article 6(1) sentence 1 lit. a DSGVO).
General information on the purpose and legal basis of the processing operations described below.
(1) The purpose of the processing operations described below is described separately for each tool.
(2) The legal basis for the respective data processing is your consent pursuant to Article 6(1) sentence 1 lit. a DSGVO. According to this provision, the processing of your personal data is permissible if you have given your consent to the processing of the personal data relating to you for one or more specific purposes.
General information on the retention period of data in the context of the processing operations described below.
(1) We store the data until you have revoked your consent.
(2) If a contractual relationship is established between us following processing based on your consent, we may additionally store some of your data until the expiry of our statutory retention periods. The legal basis for this is Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. § 147 AO, § 257 HGB. According to these regulations, some of the above-mentioned data must also be retained beyond the point in time at which the purpose was achieved. We may be obliged to do so,
- to retain data relating to your person resulting from books and records, inventories, annual financial statements, individual financial statements pursuant to Section 325 (2a) of the German Commercial Code (HGB), consolidated financial statements, management reports and group management reports, opening balances, accounting vouchers, documents pursuant to Article 15 (1) and Article 163 of the Union Customs Code, commercial books as well as the work instructions and other organisational documents required for their comprehension for ten years, whereby the retention period generally begins with the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit.As a rule, the retention period begins with the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. § 147 AO resp. i.V.m. § 257 HGB),
- to retain data relating to your person resulting from received commercial or business letters, from the reproduction of the received commercial or business letters as well as from other documents which are of significance for taxation for six years, whereby the retention period generally begins with the end of the calendar year in which the relevant document arose (Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. § 147 AO resp. i.V.m. § 257 HGB).
Note for legal basis “consent”.
(1) Insofar as we obtain consent from you for processing, you have the right to revoke this consent at any time with effect for the future. As a rule, this is possible by sending an informal message to us (see above “Person responsible.”).
(2) Furthermore, we would like to point out that we process further of your personal data within the scope of obtaining consent. These are on the one hand identity features (such as your name, your e-mail address, your IP address) and on the other hand protocol data on consent (time of consent, status of consent, scope of consent). We base this data processing on Article 6(1) sentence 1 lit. c DSGVO in conjunction with. Article 7 (1) DSGVO. The purpose is the need to prove that you have given your consent.
(3) We store the identity features and log data for consent until the end of the third calendar year following the year in which you revoke your consent. The legal basis for this storage is Article 6 (1) sentence 1 lit. f DSGVO, whereby our legitimate interest follows from the fact that we must be able to prove within the relevant, civil law limitation period that and what you have consented to.
Supplemental notice to consent to the use of cookies with a cookie consent banner.
Above (i.e. in the section: “Processing operations for which your consent is required (legal basis Article 6(1) sentence 1 lit. a DSGVO). / Note on legal basis “consent” / paragraph 2), we have pointed out that we are obliged under Article 6(1) sentence 1 lit. c DSGVO to be able to prove at any time that you have given your consent for a particular processing of your personal data. In connection with the use of so-called cookies, we use an external cookie consent banner tool. With this tool, we document your consent to the cookie-based data processing on our website. In this context, we would like to point out that we process personal data about you when we obtain your consent. These are on the one hand identity characteristics and on the other hand protocol data for the consent.
Data processing when using Google Analytics.
(1) To analyse your user behaviour on our website, we use the following service provider with its tool described in more detail in the heading: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are based within the European Economic Area, your data will be additionally processed by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. We would like to briefly describe this processing procedure: The tool uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The provider will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The privacy policy of this provider can be found here: https://policies.google.com/privacy?fg=1.
(2) The purpose can be described as follows: We use this tool to be able to analyse and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. You can find more details about the way of processing via this provider here: https://marketingplatform.google.com/intl/de/about/analytics/.
(3) In doing so, we generally process the following data from you: This tool uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by this about your use of this website is usually transferred to a server of the provider in the USA and stored there. However, your IP address will be truncated beforehand by the provider within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server of the provider in the USA and shortened there. The IP address transmitted by your browser when using this tool is not merged with other data by the provider. We also use this tool for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”. For your information, we would like to point out that we use this tool with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form, which means that it is impossible to relate them to a specific person. As far as the data collected about you a personal reference, this is excluded immediately and the personal data is deleted immediately.
(3) The data processing operations are also not prevented by the fact that the data may be processed outside the European Union by the provider; possibly in cooperation with Google LLC. This is because the processing of your personal data via this tool only takes place if you consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO). Please be sure to read our risk information beforehand (cf. General Section/Special Constellation: Consent to Transfer to Third-Party Entities Located in the USA, including the risk information).
Data processing when using the Google Tag Manager.
(1) For the coordination and execution of our analysis of your user behavior on our website as well as our advertising targeting, we use the following service provider with its tool described in more detail in the heading: Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are based within the European Economic Area, your data will additionally be processed by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. We would like to briefly describe this processing procedure: Through this tool, we can integrate various codes and services in an orderly and simplified manner on our website. This tool implements the tags or triggers the embedded tags. When a tag is triggered, the provider may also process personal data. It cannot be ruled out that the provider also transmits the data to a server in a third country. The privacy policy of this provider can be found here: https://policies.google.com/privacy?fg=1.
(2) The purpose can be described as follows: We use the tool to integrate various codes and services on our website in an orderly and simplified manner; this is for the purposes of analyzing user behavior and, if necessary, for advertising targeting. You can find more details about the way of processing via this provider here: HYPERLINK “https://marketingplatform.google.com/intl/de/about/tag-manager/” https://marketingplatform.google.com/intl/de/about/tag-manager/.
(3) Here, we generally process those data from you that we process in connection with Google analytics tools and Google advertising. We refer to the other explanations in connection with processing operations in which the provider assists us.
(3) The data processing operations are also not prevented by the fact that the data may be processed outside the European Union by the provider; possibly in cooperation with Google LLC. This is because the processing of your personal data via this tool only takes place if you consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO). Please be sure to read our risk information beforehand (cf. General Section/Special Constellation: Consent to Transfer to Third-Party Entities Located in the USA, including the risk information).
Data processing when using Salesviewer.
(1) We use the SalesViewer tool to analyse your user behaviour on our website. The provider of the tool is SalesViewer® GmbH, Huestraße 30, 44787 Bochum (Federal Republic of Germany). We would like to briefly describe this processing procedure: The tools use so-called “cookies”. These are text files which are stored on your computer and which enable an analysis of your use of the website. The provider will use this information on our behalf for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
(2) The purpose can be described as follows: We use these tools to be able to analyse and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user.
(3) In doing so, we usually process the following data from you: These tools use so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by this about your use of this website is usually transferred to a server of the tool provider and stored there. We also use this tool for a cross-device analysis of visitor flows, which is carried out via a user ID.
Data processing when using LinkedIn.
(1) We use the above-mentioned social medium. Its provider is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We have neither influence on the collected data and data processing procedures nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by this provider. If you select our company pages, it is possible that the provider will store the data collected about you as a user profile and use it for the purposes of advertising, market research and/or designing his website to meet your needs. You have the right to object to the creation of these user profiles, whereby you must contact the provider to exercise this right. A privacy policy of the provider can be found here: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.
(2) To the extent that we can influence the data processing, its purpose is to present our company, to analyse your usage behaviour in relation to interaction with our company page maintained there, as well as to communicate with you via this social network (possibly advertising).
(3) The categories of personal data we process about you will depend on the specific use of that social media, as described in paragraph 4.
(4) We maintain a company page on this social network and may analyse whether and how you have visited our company page there; whether and how you react to our posts on social networks; whether and how you communicate with us via the channels there. In this respect, the consent that you have given to this provider is decisive.
(5) In addition to our general statements on the legal basis, we also inform you here: If you yourself maintain a profile on this social medium, the legal basis is your consent within the meaning of Article 6(1) sentence 1 lit. a DSGVO, which you have given to the provider of the social network. In all other cases, the legal basis is Article 6(1) sentence 1 lit. f DSGVO, according to which your data may be processed if it is necessary for the protection of our legitimate interests or the interests of a third party, unless your interests or fundamental rights and freedoms requiring the protection of personal data prevail, in particular if the data subject is a child. We have the economic interest to link our company pages, whereby you click on the links independently and voluntarily. In all other respects, the provider is responsible.
(6) If and insofar as we analyse visitor interactions with our company website, we are jointly responsible with this provider for data protection purposes; this in accordance with Article 26 of the GDPR. If and insofar as we commission this provider to process data for us in addition, we are the client within the meaning of Article 28 of the GDPR. The data processing operations are also not prevented by the fact that the data may be processed outside the European Union by the provider, possibly in cooperation with LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA. This is because the processing of your personal data via this tool only takes place if you consent to the associated data transfer to the USA (cf. Article 49 (1) lit. a DSGVO). This is done vis-à-vis us, insofar as we control the data processing. Please be sure to read our risk notices before doing so (cf. General Section/Special Constellation: Consent to Transfer to Third-Party Entities Located in the USA, including the risk notices). Insofar as the provider controls the processing (for example, if you visit the social network independently of an action on our website), there is already no transmission by us to the USA, so that we also do not have to provide any further guarantee within the meaning of Article 44ff DSGVO. In this case, there is at most a relationship between us and the provider of the social network within the meaning of Article 26 of the GDPR.
(7) In addition, we point out the following:
Company website
We have linked our company page with this provider on our website. If you click on this link (meaning the link to our company page), you will be taken to our profile. With regard to this processing, we refer to our previous statements on visiting our company page with this provider.
Data processing when using Twitter.
(1) We use the above-mentioned social medium. Its provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. We have neither influence on the collected data and data processing procedures nor are we aware of the full extent of the data collection, the purposes of the processing, the storage periods. We also have no information on the deletion of the collected data by this provider. If you select our company pages, it is possible that the provider will store the data collected about you as a user profile and use it for the purposes of advertising, market research and/or designing his website to meet your needs. You have the right to object to the creation of these user profiles, whereby you must contact the provider to exercise this right. A privacy policy of the provider can be found here: https://twitter.com/de/privacy.
(2) To the extent that we can influence the data processing, its purpose is to present our company, to analyse your usage behaviour in relation to interaction with our company page maintained there, as well as to communicate with you via this social network (possibly advertising).
(3) The categories of personal data we process about you will depend on the specific use of that social media, as described in paragraph 4.
(4) We maintain a company page on this social network and may analyse whether and how you have visited our company page there; whether and how you react to our posts on social networks; whether and how you communicate with us via the channels there. In this respect, the consent that you have given to this provider is decisive.
(5) In addition to our general statements on the legal basis, we also inform you here: If you yourself maintain a profile on this social medium, the legal basis is your consent within the meaning of Article 6(1) sentence 1 lit. a DSGVO, which you have given to the provider of the social network. In all other cases, the legal basis is Article 6(1) sentence 1 lit. f DSGVO, according to which your data may be processed if it is necessary for the protection of our legitimate interests or the interests of a third party, unless your interests or fundamental rights and freedoms requiring the protection of personal data prevail, in particular if the data subject is a child. We have the economic interest to link our company pages, whereby you click on the links independently and voluntarily. In all other respects, the provider is responsible.
(6) If and insofar as we analyse visitor interactions with our company website, we are jointly responsible with this provider for data protection purposes; this in accordance with Article 26 of the GDPR. If and insofar as we commission this provider to process data for us in addition, we are the client within the meaning of Article 28 of the GDPR. The data processing operations are also not prevented by the fact that the data may be processed outside the European Union by the provider, possibly in cooperation with Twitter, Inc, 1355 Market Street #900, San Francisco, California 94103 USA. This is because the processing of your personal data via this tool only takes place if you consent to the associated data transfer to the USA (cf. Article 49 (1) lit. a DSGVO). This is done vis-à-vis us, insofar as we control the data processing. Please be sure to read our risk notices before doing so (cf. General Section/Special Constellation: Consent to Transfer to Third-Party Entities Located in the USA, including the risk notices). Insofar as the provider controls the processing (for example, if you visit the social network independently of an action on our website), there is already no transmission by us to the USA, so that we also do not have to provide any further guarantee within the meaning of Article 44ff DSGVO. In this case, there is at most a relationship between us and the provider of the social network within the meaning of Article 26 of the GDPR.
(7) In addition, we point out the following:
Data processing when using Google Remarketing.
(1) We use the above-mentioned social medium. Its provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are based within the European Economic Area, your data will additionally be processed by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. A privacy policy of the provider can be found here: https://policies.google.com/privacy?fg=1.
(2) This is a procedure with which we would like to address you with advertising. Through this application, our advertisements can be displayed to you after visiting our website during your further internet use. This is done by means of cookies stored in your browser, via which your usage behaviour is recorded and evaluated by the provider when you visit various websites. In this way, your previous visit to our website can be determined by this provider. According to the provider’s own statements, the data collected in the course of remarketing is not merged with your personal data that may be stored by the provider. In particular, according to this provider, pseudonymisation is used in remarketing. This is done across all devices on which you are logged in with an account with this provider or were logged in for only a short moment.
(3) These advertising materials are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as display of the ads or clicks by users, can be measured. If you access our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually expire after 30 days and are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie. These cookies enable Google to recognise your internet browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer will be able to recognize that the user clicked on the ad and was redirected to that page. A different cookie is assigned to each Ads customer. Cookies can therefore not be tracked across Ads customers’ websites. We ourselves do not collect or process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools, in particular we cannot identify the users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with the provider’s server.
(4) You can prevent participation in this tracking process in various ways: a) by adjusting your browser software settings accordingly, in particular the suppression of third-party cookies will result in you not receiving ads from third-party providers; b) by disabling cookies for conversion tracking by setting your browser to block cookies from the domain “www.googleadservices.com”, https://www.google.de/settings/ads, whereby this setting will be deleted when you delete your cookies.
(5) The data processing operations are also not prevented by the fact that the data may be processed outside the European Union by the provider; possibly in cooperation with Google LLC. This is because the processing of your personal data via this tool only takes place if you consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO). Please be sure to read our risk information beforehand (cf. General Section/Special Constellation: Consent to Transfer to Third-Party Entities Located in the USA, including the risk information).
Data processing when using YouTube (without own channel)
(1) We use the above-mentioned video platform or video portal on our website. Their provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043. If you are based within the European Economic Area, your data will be additionally processed by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland. A privacy policy of the provider can be found here: https://policies.google.com/privacy?fg=1.
(2) We are happy to briefly describe this processing procedure: Plugins of the video portal YouTube are integrated on our website. Each time you call up a page that offers one or more YouTube video clips, a direct connection is established between your browser and a YouTube server. These videos are all integrated in the “extended data protection mode”. No data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos, the data mentioned in paragraph 3 will be transmitted. We have no influence on this data transmission. If you use a Google account and do not wish to have your profile associated with YouTube, you must log out before activating the button.
(3) In doing so, we generally process the following data from you: By visiting the website, YouTube receives the information that you have called up the corresponding sub-page of our website. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact YouTube to exercise this right. Further information on the purpose and scope of data collection and processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy: https://www.google.de/intl/de/policies/privacy.
(4) The data processing operations are also not prevented by the fact that the data may be processed outside the European Union by the provider; possibly in cooperation with Google LLC. This is because the processing of your personal data via this tool only takes place if you consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO). Please be sure to read our risk information beforehand (cf. General Section/Special Constellation: Consent to Transfer to Third-Party Entities Located in the USA, including the risk information).
Data processing when using Mailchimp.
(1) We use the above marketing automation service providers. Its provider is The Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, USA.
(2) We are happy to briefly describe this processing operation: We use this provider to apply marketing measures to you, which we have identified and described as such in this privacy policy. You can find more details about the scope of functions and thus also about the way in which we process your data with this provider here: https://mailchimp.com/marketing-platform/. We have commissioned this provider with the processing of your personal data required in this respect in accordance with Article 28(3) DSGVO. The privacy policy of this provider can be found here: https://mailchimp.com/legal/privacy/.
(3) In doing so, we generally process the following data from you: We process all data that we use for advertising purposes, as already described in this privacy policy.
(4) The data processing operations are also not prevented by the fact that the data may be processed outside the European Union. This is because the processing of your personal data via this tool only takes place if you consent to the associated data transfer to the USA (cf. Article 49(1)(a) DSGVO). Please be sure to read our risk information beforehand (cf. General Section/Special Constellation: Consent to Transfer to Third-Party Entities Located in the USA, including the risk information).
Data processing when sending a newsletter.
(1) We may process your data to send you a newsletter. A newsletter is an electronic newsletter that is published on a regular basis. At the beginning, you provide us with the data that we request to subscribe to the newsletter. After carrying out the double opt-in procedure (cf. paragraph 2), we use your data to address you by means of a newsletter.
(2) To obtain consent, we use the so-called double opt-in procedure. This means that after your registration, we will send you an email to the email address you provided in which we ask you to confirm your consent. If you do not confirm your registration within 7 days, your information will be blocked and automatically deleted after one month. In addition, we store your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data. The legal basis for this processing is Article 6 paragraph 1 sentence 1 lit. c DSGVO. According to this provision, we may process your data if this is necessary for the fulfilment of a legal obligation to which we are subject. The legal obligation to which we are subject follows from Article 7(1) DSGVO or Article 5(1) DSGVO. This is because according to these provisions, we are legally obliged to document the obtaining of consent. This is only possible if we collect your data for this purpose for verification purposes. We store the data as long as this is necessary for verification purposes. If you confirm the consent, the retention period ends only after revocation of your consent plus the time until the statute of limitations of any civil claims, so usually on 31 December of the 3rd calendar year following the year in which you revoked your consent.
(3) In doing so, we generally process the following data from you: The data that you provide to us for registration to the newsletter and the data that we need in accordance with paragraph 2 to prove the granting of consent (opt-in status data) and, if applicable, data for revoking your consent.
Processing operations that are in our legitimate interest (legal basis Article 6(1) sentence 1 lit. f DSGVO).
General information on the purpose and legal basis of the processing operations described below.
(1) The purpose of the processing operations described below is described separately for each tool. It is the decisive justification for our legitimate interest in the processing.
(2) The legal basis for the respective data processing is Article 6 (1) sentence 1 lit. f DSGVO. According to this provision, the processing of your personal data is also permitted without your consent if it is necessary for the protection of our legitimate interests or those of a third party, provided that your interests or fundamental rights and freedoms requiring the protection of personal data do not prevail.
General information on the retention period of data in the context of the processing operations described below.
(1) We store the data until our purpose has ceased to exist, which is always the case if you have raised a justified objection (cf. “Note on the right to object.”).
(2) Should a contractual relationship be established between us following processing based on the legitimate interest, we shall store the data on a supplementary basis until the expiry of our statutory retention periods. The legal basis for this is Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. § 147 AO, § 257 HGB. According to these regulations, some of the above-mentioned data must also be retained beyond the point in time at which the purpose was achieved. We may be obliged to do so,
- to retain data relating to your person resulting from books and records, inventories, annual financial statements, individual financial statements pursuant to Section 325 (2a) of the German Commercial Code (HGB), consolidated financial statements, management reports and group management reports, opening balances, accounting vouchers, documents pursuant to Article 15 (1) and Article 163 of the Union Customs Code, commercial books as well as the work instructions and other organisational documents required for their comprehension for ten years, whereby the retention period generally begins with the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit.As a rule, the retention period begins with the end of the calendar year in which the relevant document was created (Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. § 147 AO resp. i.V.m. § 257 HGB),
- to retain data relating to your person resulting from received commercial or business letters, from the reproduction of the received commercial or business letters as well as from other documents which are of significance for taxation for six years, whereby the retention period generally begins with the end of the calendar year in which the relevant document arose (Article 6 (1) sentence 1 lit. c DSGVO in conjunction with. § 147 AO resp. i.V.m. § 257 HGB).
Note on the right to object.
(1) Insofar as we base data processing in the following data protection statement on Article 6 (1) sentence 1 lit. f DSGVO, i.e. on a legitimate interest in the processing, you always have the right to object to the processing. As a rule, this is possible by sending an informal message to us (see “Responsible party.” above). If the objection is justified, we will stop the processing.
(2) If the legitimate interest is based on the interest in direct advertising or promotional targeting, your objection is always justified insofar as you are identified.
Informational use of the website.
(1) If you use our website purely for information purposes, i.e. if you do not register as a user or otherwise transmit information, we collect the following data from you: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case , website from which the request comes, browser, operating system and its interface, language and version of the browser software. We receive this data via cookies and directly from your browser.
(2) The purpose of this processing is the provision of our website and statistical analysis.
Transient cookies.
(1) We would like to briefly describe this processing procedure: We use so-called transient cookies on our website. These include in particular the session cookies. These store a so-called session ID, with which various requests of the visitor’s browser can be assigned to the common session. This means that the visitor’s computer can be recognised when the visitor returns to your website.
(2) The purpose, from which our legitimate interest also follows, can be described as follows: The cookies serve the presentation and use of the website suitable for you.
(3) In doing so, we usually process the following data from you: Session cookies. These store a so-called session ID, with which various requests of your browser can be assigned to the joint session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
Rights Management.
(1) You have certain rights vis-à-vis us (cf. General Section, Rights of Visitors to the Website). If you assert rights against us, we process the associated contact, communication and transaction data.
(2) We process your data as follows:
- we take your request.
- we will check your request.
- if justified, we will comply with your request.
- we store the data associated with this.
(3) While the processing within the meaning of paragraph 2 (1) to (3) is justified by Article 6(1) sentence 1 lit. c of the GDPR (we are generally obliged to process your requests under the GDPR), the purpose of the storage (paragraph 2 (4)) is that we store the data in order to be able to defend ourselves against claims from you at a later date. This is also our legitimate interest. We store your data until the end of the third calendar year following your request/input (cf. Article 6 (1) sentence 1 lit. f DSGVO in conjunction with Sections 193, 195 BGB).
External advice if you make a claim.
(1) You have certain rights vis-à-vis us (cf. General Section, Rights of Visitors to the Website). If you assert your rights against us, we will transfer your data to external consultants who we have either sworn to secrecy or who are bound to silence by professional law.
(2) The purpose of the processing is for us to obtain expert advice to deal with your concerns in a legally compliant manner. This is in both our and your legitimate interests.